Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] SAS token with only date in expiration time fails with IllegalArgumentException #35545

Closed
3 tasks done
sfc-gh-osinha opened this issue Jun 20, 2023 · 3 comments · Fixed by #35594
Closed
3 tasks done

[BUG] SAS token with only date in expiration time fails with IllegalArgumentException #35545

sfc-gh-osinha opened this issue Jun 20, 2023 · 3 comments · Fixed by #35594
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-triage Workflow: This issue needs the team to triage. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files)

Comments

@sfc-gh-osinha
Copy link

sfc-gh-osinha commented Jun 20, 2023
edited
Loading

Describe the bug
When providing a SAS token containing se=20XX-XX-XX in the token, we get an exception even though it states it is supported to only include a date here which is referenced by the page for SAS tokens here.

We get an exception originating from here with
java.lang.IllegalArgumentException: Invalid Date String: 20XX-XX-XX. at com.azure.storage.common.implementation.StorageImplUtils.parseDateAndFormat(StorageImplUtils.java:413) Invalid Date String: 20XX-XX-XX..

Exception or Stack Trace

com.azure.storage.common.implementation.StorageImplUtils.parseDateAndFormat():413
com.azure.storage.common.sas.CommonSasQueryParameters.getQueryParameter():173
com.azure.storage.common.sas.CommonSasQueryParameters.<init>():90
com.azure.storage.blob.BlobUrlParts.parse():393

To Reproduce
BlobUrlParts.parse(new URL("https://<storage-account>.blob.core.windows.net/<container>/<file>?sv=2021-04-10&spr=https&se=2023-06-20&sr=b&sp=r&sig=xyz"));
fails with

Exception in thread "main" java.lang.IllegalArgumentException: Invalid Date String: 2023-06-20.
	at com.azure.storage.common.implementation.StorageImplUtils.parseDateAndFormat(StorageImplUtils.java:413)
	at com.azure.storage.common.sas.CommonSasQueryParameters.getQueryParameter(CommonSasQueryParameters.java:173)
	at com.azure.storage.common.sas.CommonSasQueryParameters.<init>(CommonSasQueryParameters.java:90)
	at com.azure.storage.blob.BlobUrlParts.parse(BlobUrlParts.java:393)
	at org.example.Main.main(Main.java:10)

Code Snippet
Above ^

Expected behavior
Don't fail.

Screenshots
If applicable, add screenshots to help explain your problem.

Setup (please complete the following information):

  • OS: CentOS
  • IDE: Intellij
  • Library/Libraries: azure-storage-blob:12.16.0
  • Java version: 8
  • App Server/Environment: N/A

If you suspect a dependency version mismatch (e.g. you see NoClassDefFoundError, NoSuchMethodError or similar), please check out Troubleshoot dependency version conflict article first. If it doesn't provide solution for the problem, please provide:

  • verbose dependency tree (mvn dependency:tree -Dverbose)
  • exception message, full stack trace, and any available logs

Additional context
Add any other context about the problem here.

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • Bug Description Added
  • Repro Steps Added
  • Setup information Added
@github-actions github-actions bot added Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-triage Workflow: This issue needs the team to triage. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files) labels Jun 20, 2023
@sfc-gh-osinha sfc-gh-osinha changed the title [BUG] SAS token with only Date in Expiration time fails with IllegalArgumentException [BUG] SAS token with only date in expiration time fails with IllegalArgumentException Jun 20, 2023
@brendonjwong brendonjwong mentioned this issue Jun 22, 2023
Open
@brendonjwong
Copy link

brendonjwong commented Jun 22, 2023
edited
Loading

Reposting because I mistakenly commented on an issue on the older Azure storage SDK repo:

I have run into the same issue when using a connection string that includes a SAS token with dates without the time components, e.g. BlobEndpoint=https://foo.blob.core.windows.net/;SharedAccessSignature=sv=2021-06-08&ss=b&srt=co&sp=rwdlaciyx&se=2024-12-01&st=2022-12-01&spr=https&sig=<redacted>.

java.lang.IllegalArgumentException: Invalid Date String: 2022-12-01.
        at com.azure.storage.common.implementation.StorageImplUtils.parseDateAndFormat(StorageImplUtils.java:346)
        at com.azure.storage.common.sas.CommonSasQueryParameters.getQueryParameter(CommonSasQueryParameters.java:173)
        at com.azure.storage.common.sas.CommonSasQueryParameters.<init>(CommonSasQueryParameters.java:88)
        at com.azure.storage.common.implementation.connectionstring.StorageAuthenticationSettings.<init>(StorageAuthenticationSettings.java:90)
        at com.azure.storage.common.implementation.connectionstring.StorageAuthenticationSettings.fromConnectionSettings(StorageAuthenticationSettings.java:57)
        at com.azure.storage.common.implementation.connectionstring.StorageServiceConnectionString.tryCreate(StorageServiceConnectionString.java:61)
        at com.azure.storage.common.implementation.connectionstring.StorageConnectionString.create(StorageConnectionString.java:111)
        at com.azure.storage.blob.BlobContainerClientBuilder.connectionString(BlobContainerClientBuilder.java:347)
        ...

However, I found that if I pass that SAS to the sasToken method, I'm able to build the client and read/write blobs successfully.

new BlobContainerClientBuilder()
    .endpoint("https://foo.blob.core.windows.net/")
    .sasToken("sv=2021-06-08&ss=b&srt=co&sp=rwdlaciyx&se=2024-12-01&st=2022-12-01&spr=https&sig=<redacted>")
    .containerName("bar")
    .buildClient();

So even within this SDK, the behavior of how SAS tokens are handled is inconsistent.

We're using Java 11 with azure-storage-blob version 12.22.2

@ibrahimrabab
Copy link
Contributor

Hi @sfc-gh-osinha and @brendonjwong
Thank you both for reaching out for this! This is definitely an issue in the SDK, and we are putting out a fix soon to support date only (without the time).
Was wondering, how did either of you generated the SAS token with dates without the timestamps? So that we can reproduce this and add a test case on our end.
Thanks!

@brendonjwong
Copy link

@ibrahimrabab we created the SAS token using the AZ CLI:

sas_start=$(date +"%Y-%m-%d")
sas_expiry=$((date -d "1 years" +"%Y-%m-%d" || date -v +1y +"%Y-%m-%d") 2> /dev/null)

az storage account generate-sas \
  --https-only \
  --subscription <subscription-id> \
  --account-name <account-name> \
  --permissions rwlac \
  --resource-types sco \
  --services b \
  --start $sas_start \
  --expiry $sas_expiry

@ibrahimrabab ibrahimrabab mentioned this issue Jun 23, 2023
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-triage Workflow: This issue needs the team to triage. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files)
Projects
None yet
Milestone
No milestone
3 participants
@brendonjwong @sfc-gh-osinha @ibrahimrabab